You see that the VMware ESX Agent Manager is not running.

When starting the service you get the following error:

Troubleshooting:
- List all certificates to look for possible out of date certifications
- Renewed the certificates through the vCSA’s Certificate Manager (explanation below)
- Manual replacement of the eam.properties file > kb 2148582
- Ran the lsdoctor tool > kb 80469
List certificates
root@vcsa1 [ ~ ]# for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | grep -i "not after"; done;
MACHINE_SSL_CERT
Not After : Sep 14 11:21:40 2024 GMT
TRUSTED_ROOTS
Not After : Aug 18 11:26:49 2031 GMT
Not After : Aug 18 08:36:16 2031 GMT
Not After : Sep 8 11:52:23 2032 GMT
TRUSTED_ROOT_CRLS
machine
Not After : Oct 23 11:37:19 2025 GMT
vsphere-webclient
Not After : Oct 23 11:37:21 2025 GMT
vpxd
Not After : Oct 23 11:37:22 2025 GMT
vpxd-extension
Not After : Oct 23 11:37:22 2025 GMT
APPLMGMT_PASSWORD
data-encipherment
Not After : Sep 9 09:38:02 2032 GMT
SMS
Not After : Aug 23 11:31:39 2031 GMT
hvc
Not After : Oct 23 11:37:25 2025 GMT
wcp
Not After : Oct 23 11:37:25 2025 GMT
BACKUP_STORE
Not After : Sep 14 11:21:40 2024 GMT
Not After : Oct 23 11:13:01 2025 GMT
Not After : Oct 23 11:13:02 2025 GMT
Certificate Manager > Option 6
root@vcsa1 [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| *** Welcome to the vSphere 7.0 Certificate Manager *** |
| |
| -- Select Operation -- |
| |
| 1. Replace Machine SSL certificate with Custom Certificate |
| |
| 2. Replace VMCA Root certificate with Custom Signing |
| Certificate and replace all Certificates |
| |
| 3. Replace Machine SSL certificate with VMCA Certificate |
| |
| 4. Regenerate a new VMCA Root Certificate and |
| replace all certificates |
| |
| 5. Replace Solution user certificates with |
| Custom Certificate |
| NOTE: Solution user certs will be deprecated in a future |
| release of vCenter. Refer to release notes for more details.|
| |
| 6. Replace Solution user certificates with VMCA certificates |
| |
| 7. Revert last performed operation by re-publishing old |
| certificates |
| |
| 8. Reset all Certificates |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 6
Manual replacement of the eam.properties file > kb 2148582
Copy the file > cp eam.properties eam.properties.old
root@vcsa1 [ /etc/vmware-eam ]# cp eam.properties eam.properties.old
Determine the hostid > cat /etc/vmware/install-defaults/sca.hostid:
root@vcsa1 [ /etc/vmware-eam ]# cat /etc/vmware/install-defaults/sca.hostid
18fb8399-4c31-389c-2d30-3c3ce6ce9add
lsdoctor script > kb 80469
Upload the lsdoctor.zip file through winscp and put it in the tmp dir, from here unzip the file and enter the lsdoctor-230919 dir to execute the script with the command: python lsdoctor.py -l
root@vcsa1 [ /tmp ]# cd lsdoctor-230919
root@vcsa1 [ /tmp/lsdoctor-230919 ]# ls
CHANGELOG config_log.ini lib lsdoctor.py README templates
root@vcsa1 [ /tmp/lsdoctor-230919 ]# python lsdoctor.py -l
Solution
When analyzing the log files with VMware support we looked at the vmon.log file, and my Colleague noticed the following error:
Stderr = error: cannot stat /etc/logrotate.d/vmware-eam.lr: No such file or directory
Which means that the eam service is trying to start a pre-task, named vmware-eam.lr, but it can’t because it isn’t present at it’s expected location. So we looked in the directory > /etc/logrotate.d
And the file(s) were indeed missing.
Comparing it to the server that had no issues we copied the entire directory including the vmware-eam.lr
root@vcsa1 [ /etc/logrotate.d ]# ls -l
total 84
cap-instant-br.lr
cap-workflow-engine.lr
cloudvm_ram_size.lr
hcl.lr
patch-runner.lr
procstate.lr
syslog
vami-lighttpd
vmware-applmgmt.lr
vmware-auditd.lr
vmware-autodeploy
vmware-eam.lr
vmware_postgres_archiver
vmware_postgres_cron
vmware_postgres_log
vmware_postgres_telemetry
vmware-psc.lr
vmware-sshlog.lr
vmware-syslog.lr
vmware-vmafd.lr
vmware-vsphere-ui.lr
After copying the files to the /etc/logrotate.d directory we were able to start the EAM service successfully!